Described below is a method for providing a symmetric key for protecting a key-management protocol.
The technical field of the method relates to the protection or encryption of media data between user equipment, such as a personal computer, and provider equipment, for example a media server of a service provider.
Typically no measures are taken to protect the media data in the SIP/RTP-based Voice-over-IP systems currently in use (such as the IP Multimedia Subsystem, IMS). This might be justifiable in mobile radio networks, which typically provide Layer-2 data encryption, for example the UMTS or GPRS network. Such underlying Layer-2 encryption is typically not present in fixed network scenarios, however, so separate protection mechanisms have to be used there. This is all the more urgent since the IMS, for example, will increasingly be used in fixed network scenarios and not just in the mobile network environment for which it was originally developed.
A possible approach to protecting the media data is end-to-end encryption between the two communication partners. However, a variety of problems are typically encountered here, such as key management, lawful interception, transcoding, etc. A better variant appears to be an end-to-middle approach, in which protection is applied only between the terminal and provider equipment (e.g. a media proxy).
In an end-to-end protection scenario the signaling end points and the media protection end points are the same; in an end-to-middle scenario they are different. RFC 3711 defines a profile for RTP, namely Secure RTP (SRTP), to protect the RTP stream. SRTP can be used to protect the media traffic in an end-to-end connection, i.e. over the complete path between two communicating partners. RTP can also be used for an end-to-middle connection.